IT Braces for 'J-SOX' Rules
jcatcw writes to mention that Japan-based businesses are prepping for new requirements, called J-SOX, similar to Sarbanes-Oxley in the United States. Even though details are not expected until next month, many IT managers are already working on implementing controls to handle the expected regulations. "Marios Damianides, an IT risk management consultant and partner at Ernst & Young LLP in New York, said he expects that the relaxation of some Sarbanes-Oxley requirements by the Public Company Accounting Oversight Board in the U.S. late last year should help ensure that the J-SOX rules won't be excessive for businesses."
Comment anonymous for obvious reasons... (Score:1, Interesting)
The main thing that's come out of it is that we've had to document all procedures relating to the production systems - no more flying by the seat of your pants.
Re:Comment anonymous for obvious reasons... (Score:5, Interesting)
Flashbacks (Score:2, Interesting)
I understand the need to track who did what and why and what the code is and all that jazz... But seriously, a year of my life was lost in that red tape...
Bye Bye public companies... (Score:5, Interesting)
I'm kinda surprised that Japan would be similarly desperate to rid itself of publicly traded companies.
I spent 3 months in 2006 dedicated to this BS. (Score:2, Interesting)
Instead of implementing some much desired features and efficiencies in our systems, we had to jump through hoops ensuring that everything was 'audit ready'. Logs whenever data enters or leaves a system, documentation of all that, etc...
We're already dealing with J-SOX...your god help me if Europe and Asia start the same crap.
Personal experience with SOX (Score:1, Interesting)
I can't take purchase orders that are not 100% perfectly filled out. It doesn't matter if I've been doing business with that company for 20 years and they all know me. The PO is now a LEGAL document (contract) and must be completed in full before my manufacturers will take the order. You know the criteria I am talking about -- FOB, terms, Delivery date, quoted item, a price, etc. Lots of times, with people you've been doing business with a long time, they just send over the purchase order with enough information to fill the order. But again, "enough information to fill the order" and "perfectly filled out" are not the same thing. A simple example is a customer who is picking up the item. They may not fill out the shipping method because - duh - they are picking up from us down the street. That purchase order would not be accepted. It should say "customer pickup", per SOX (not directly, but SOX requires orders/revenues to be fully documented and companies take it to extremes - like with PO's).
Now, throw in a mix of bureaucracy and attorneys arguing over terms and conditions (net 30, net 60, etc) and guess what? Nothing gets sold.
It IS happening out in the field and I can safely say that SOX is having some unintended consequences.
Re:Comment anonymous for obvious reasons... (Score:2, Interesting)
If you have a more flexible group, then the vagueness might help.
Re:Comment anonymous for obvious reasons... (Score:3, Interesting)
Which leads to your point i.e. Great, they've added a layer of detail by requiring IT to be "compliant", but it's so vague *within* that layer it's a nightmare.
I've heard they might be talking about getting rid of the IT controls from SOX entirely and just letting companies get on with it.
Re:Bye Bye public companies... (Score:4, Interesting)
Sarbox, as being practiced these days, are not best practices, except at the largest of companies. A lot of it is crap, and we're going to be rolled over by more nimble competitors if we don't watch out.
You know what, sometimes people are going to steal. And when you find that out, you prosecute. I'm sure there were plenty of laws that the Enron guys could have been charged with regardless of Sarbox.
I don't think the controls at my company have been improved one bit because Joan in AP can't see the AR screens. Actually, it's worse now, because Joan can take over in a pinch in AR, all in the irrational fear that if she's given access to some information that's not part of her regular function, she's suddenly going to steal.
And a little change to a webpage now takes 3 months (I'm talking a piece of text!). But, it is Sarbox compliant!
Whoop-de-effing-do.